<?php 

require './pdoconfig.php';

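// Open the database connection used by the rest of the script.
// DSN, USER and PASS are expected to come from pdoconfig.php (not shown here).
try {
    // Pass the options to the constructor so they apply from the first
    // statement on. Previously the error mode was set only after the
    // 'set names' query, so a failure of that query could go unnoticed.
    $pdo = new PDO(DSN, USER, PASS, [
        // Report SQL errors as PDOException.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Return result rows as associative arrays.
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        // Ask the driver for server-side prepared statements, so bound values
        // are never spliced into the SQL text on the client.
        // NOTE(review): assumes a driver that supports this (the 'set names'
        // statement below suggests MySQL) - confirm against the DSN.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);

    // Set the connection character set.
    // NOTE(review): declaring the charset in the DSN is the more robust place
    // for this when the driver supports it; the DSN is defined outside this file.
    $pdo->exec('set names utf8');
} catch (PDOException $e) {
    // A driver error message can contain the host, the database name or the
    // account name. Keep it in the server log and send the client a fixed text.
    error_log('PDO connection failed: ' . $e->getMessage());
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo '数据库连接失败'; // "database connection failed"
    exit;
}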


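// Check the submitted credentials against the user2 table.
try {
    // The request body is no longer dumped into the page: var_dump($_POST)
    // printed the submitted password and reflected raw, unescaped input.
    $name = $_POST['name'] ?? null;
    $pass = $_POST['pass'] ?? null;

    // Both values are bound as parameters, so input such as  ' or 1='1  is
    // compared as a literal string and cannot change the structure of the query.
    $sql = "SELECT * FROM user2 WHERE name = ? AND pass = ?";
    // Constant text with no user data; debug aid of the demo, drop it on a real page.
    echo $sql.'<hr>';

    $authenticated = false;

    // A missing field, or an array sent as name[]=..., is a failed login
    // rather than a PHP warning followed by a query on a bogus value.
    if (is_string($name) && is_string($pass)) {
        // NOTE(review): the password is matched inside the query, which suggests
        // the pass column holds the value as submitted (unhashed) - confirm.
        // The preferred design looks the row up by name only and checks a
        // password_hash() digest with password_verify().
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$name, $pass]);

        // rowCount() is not guaranteed to report the size of a SELECT result
        // on every driver; fetching one row is.
        $authenticated = $stmt->fetch() !== false;
    }

    if ($authenticated) {
        echo '登录成功!!!';
    } else {
        echo '登录失败!!!';
    }
} catch (PDOException $e) {
    // SQL error text can reveal table and column names; log it server-side
    // and show the client a fixed message instead.
    error_log('Login query failed: ' . $e->getMessage());
    echo '系统错误,请稍后再试'; // "system error, please try again later"
    exit;
}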



